
Long Wiki Edits Thread

#189

OK - 66 edits and a ton of research later, the Computer Security Education entry is now ready for review.

Most of the TODO’s have now been addressed.

Painful would be an understatement. I might tackle some smaller entries before the Advanced Security Guide section.

Moving on.

1 Like
#190

Great work on the computer security guide!


Edit wish high priority:
For legal reasons etc… Hard terrain… Not sure I am getting paranoid here, but we shouldn’t call any names. Especially no powerful ones. Especially no legitimate ones.

Could you please look through the wiki for…

  • intelligence agencies
  • NSA
  • etc.

And rewrite them in generic terms? Call them adversary?

We’re pro privacy. We don’t want wifi sniffers in hotspots and other criminals to illegally eavesdrop on our communications.

We can still link to articles mentioning any names. It would be hard to find articles in purely generic terms. As for the articles, we are just using them as references proving a claim. Then calling names is only a by-product and not the point.


Lower priority bonus wishlist: Research Windows / MacOS RAM dumps. During application crashes, they might create a dump of the whole RAM (sometimes called coredump).

http://www.networkworld.com/article/2164903/windows/windows-how-to-solve-windows-8-crashes-in-less-than-a-minute.html

If you could explain that a bit (using that source or any other that focuses more on the outrageous privacy issues) (similar to the existing bullet points). Mention a RAM dump could contain anything done during that session (rather random depending on how the RAM is wiped [if at all] and depending on whether it was overwritten), and of course all currently existing contents in RAM. Probably swap is included as well. Including all disk encryption passwords, opened documents’ contents, other passwords and whatnot. Very likely it would even make security attacks easier since it might leak exact states about ASLR, seeds and whatnot.


To make reviews faster and safer, could you please split future edits into parts:

  • a) language fixes
  • b) moving chapters around without changes
  • c) new content

By split, I mean only doing either a), b) or c), and then waiting for the review. That would make the diff a lot easier to read.

#191

Thanks.

Fixed the above for Computer Security Education. I’ll check others as I go along and replace with “adversary” or “adversaries”.

Sure. Will do. I’m hoping other entries won’t require the level of change that was seen in Computer Security Education and Tor Browser entries. :slight_smile:

No problem. Will look into it and add to Computer Security Education entry.

Cheers!

1 Like
#192

Could you please review (and comment if there are any comments) this upcoming blog post draft?

https://phabricator.whonix.org/T659#13258

#193

Secure downloading of files is difficult and under-documented. Wget seems buggy. Curl is hard to use without running into a downgrade attack. Can you make head or tail of this https://phabricator.whonix.org/T673 ticket?

TODO:

  • search the wiki for torproject.org, where applicable add alternative download links to Tor Project’s onion for downloads from torproject.org to the wiki
  • port wget to curl everywhere
  • perhaps one sentence (a template) explaining why use such a complicated curl command with a link to a page that explains the curl vs downgrade attacks vs wget mess. Perhaps a new wiki page command line downloader?
#194

Hi,

This LGTM.

A few minor nits:

1) Since normal (most) users don’t appreciate/know what localhost actually means, in the first line, localhost could have an embedded link e.g. [http://whatismyipaddress.com/localhost localhost only] or [https://en.wikipedia.org/wiki/Localhost localhost only].

2) Second line, change “gateway” and “workstation” to “Whonix-Gateway” and “Whonix-Workstation”.

3) Do you need to define “external interface” here to be clear for normal users? That is, I presume it means “A connection to the WAN side of a router”. And not the LAN side.

#195

Not sure I understand all the implications exactly, but I’ll have a crack (see below). Point out what’s wrong.

1) How about, a brief Wiki page somewhere like this:

Secure downloading of files is a complex subject and the potential security implications are poorly understood by most users.

Whonix users will frequently want to download files from the Internet in order to achieve desired aims. Unfortunately, resorting to the simple wget command is ill-advised, because it is [https://lists.gnu.org/archive/html/bug-wget/2012-07/msg00015.html buggy]. For example, if users do not force a request to use SSL encryption, wget can [https://stackoverflow.com/a/38835162 fail silently]. Even when SSL is enforced with a command line option, this can [https://www.gnu.org/software/wget/manual/html_node/HTTPS-_0028SSL_002fTLS_0029-Options.html break interoperability with some sites] that use self-signed, expired or invalid certificates. Users could potentially ignore certificate verification warnings and proceed with downloads where the site’s authenticity is in question.

To provide greater security when downloading, Whonix has implemented a scurl script. This invokes the usage of [https://packages.debian.org/jessie/curl curl] with the following additional command line parameters:

  • --tlsv1.2 --proto =https to enforce strong encryption.
  • --remote-name to simplify naming conventions for downloaded files.

Scurl is not vulnerable to [https://security.stackexchange.com/questions/41988/how-does-sslstrip-work SSLstrip]. This is a man-in-the-middle attack which forces a user’s browser to communicate with the adversary in plain-text over HTTP (poisoning the download).

Unfortunately, scurl is mostly only available in Whonix and the command will generally not work in other distributions. To use scurl, simply run:

scurl {{https URL file location}}

In all cases, users should avoid downloading files over plain HTTP.

2) Suggested template (linking to the above):

'''Warning:''' Users should invoke the scurl or curl command to download files instead of using wget. To use it, run either:

scurl {{https URL file location}}

Or manually run:

curl --tlsv1.2 --proto =https --remote-name {{https URL file location}}

3) Once 1 & 2 are signed off and fixed up, I can manually search for wget instructions and replace them with scurl in the first instance. I can also do the “adversary” find and replace stuff at the same time.

2 Likes
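As an added illustration of the scurl approach proposed above (this is example code written for this thread, not Whonix’s own scurl script; the function names, the SCURL_DRY_RUN switch and the explicit https:// pre-check are assumptions of the example, while the curl flags are exactly the three from the draft):

```shell
#!/bin/sh
# Added example, not Whonix's scurl: a minimal wrapper around the three curl
# flags from the draft wiki text, with an explicit scheme check in front of
# curl. Function names and SCURL_DRY_RUN are this example's own.

# 0 if URL uses the https scheme, 1 otherwise. curl would reject any other
# scheme anyway because of --proto =https; checking first gives a clearer error
# and guarantees that no request leaves the machine for a mistyped http:// link.
is_https_url() {
    case "$1" in
        [Hh][Tt][Tt][Pp][Ss]://*) return 0 ;;
        *) return 1 ;;
    esac
}

# The command line the wrapper runs, printed for review or logging.
#   --tlsv1.2       TLS 1.2 (a minimum on recent curl); no fallback to SSLv3
#                   or TLS 1.0/1.1
#   --proto =https  only the https scheme is allowed, including on redirects
#                   (curl does not let --proto-redir widen what --proto
#                   denies), which is what closes the SSLstrip-style
#                   downgrade to plain http described in the draft
#   --remote-name   save under the file name from the URL instead of stdout
scurl_cmdline() {
    printf 'curl --tlsv1.2 --proto =https --remote-name %s\n' "$1"
}

# scurl_example <https-url>
# Exit status 2 for a rejected URL, otherwise curl's own exit status.
scurl_example() {
    url="$1"
    if [ -z "$url" ]; then
        echo "usage: scurl_example <https-url>" >&2
        return 2
    fi
    if ! is_https_url "$url"; then
        echo "scurl_example: refusing non-https URL: $url" >&2
        return 2
    fi
    # Dry run: show what would be executed without touching the network.
    if [ "${SCURL_DRY_RUN:-0}" = "1" ]; then
        scurl_cmdline "$url"
        return 0
    fi
    curl --tlsv1.2 --proto =https --remote-name "$url"
}
```

Two things worth knowing when using the real flags: with --proto =https a plain http:// URL makes curl exit non-zero with an "unsupported or disabled protocol" error rather than silently downloading, and --remote-name needs a file name in the last path segment of the URL, so a URL ending in a slash fails instead of producing an oddly named file.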
#196

Looks great!

wishlist:

  • agency -> adversary

Low priority bonus:
Perhaps we can also consider changing some page names. Like Desktop… I only used this because I had no better idea. If you have suggestions on renaming, please make them. It matters, because that influences search engines.

Also a little special attention would be great at pages’ description= fields.

|description=Whonix Linux Desktop Tips and Tricks, RAM Adjusted Desktop Starter, Auto Login, Single vs Double Click, full-screen

Because that will likely become the sub text in search engine results. It also influences how the oneboxes in the forums will look.

#197

OK - great.

1) Do you want to create a scurl template and reference it here, and I can fill it out as agreed?

2) Where should the “Safe downloads” wiki entry/page go? Any suggestions?

3) Once the above are done & reviewed, I’ll go through all the main documentation on the main page and search/replace:

  • all wget (change to scurl)
  • NSA, GCHQ, intelligence agencies, agency etc (all changed to adversary/adversaries)

The only exception to the above is things like “NSA Key” which are explicitly referenced as existing in Windows etc, which there is no good way of avoiding.

4) I checked out core dump stuff. Yes, it’s a problem since all the refs show that it can leak encryption keys, passwords etc.

The problem is that Linux is also vulnerable. According to some info I found, apparently even Debian, Arch Linux etc. have some systemd default set to dump shit like this, unless systemd changes are made to some config file / setting somewhere.

It of course begs the question, should Whonix be changing that systemd setting to prevent any potential leaking of critical information in the event of one of the (rare) crashes?

Apparently advanced adversaries can try to enforce a crash, just to get their hands on core dump / kernel dump etc information.

5) I’ll keep description=fields on my list, but as a low priority until finishing off Advanced Security Guide and some other key entries.

Agree it is important.

6) Renaming entries. Yes, I agree many need some work. It will become clearer after a ton more editing is finished, because then we will be ready to rework where everything belongs.

I’m gonna suggest some things later on definitely, and see what you think. Especially that “General Information” section on the main page, which needs major merging work & shifting further down the page.

1 Like
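On item 4 above, the systemd setting in question lives in systemd-coredump’s coredump.conf (and its /etc/systemd/coredump.conf.d/*.conf drop-ins). The following is an added example written for this thread, not Whonix code: it reads that configuration the way systemd does (commented keys ignored, last assignment wins, drop-ins read after the main file), reports whether dumps would still land on disk, and writes the drop-in that turns storage off. It assumes systemd-coredump is what handles crashes on the machine; the function names and the sample config are the example’s own.

```shell
#!/bin/sh
# Added example (not from the thread, not Whonix code): audit and harden the
# systemd-coredump configuration. Assumes kernel.core_pattern hands crashes to
# systemd-coredump, so coredump.conf decides whether a dump is stored.

# conf_value KEY FILE... : print the effective value of KEY across the given
# files, in order. Lines starting with # or ; are comments; when a key is set
# more than once the last assignment wins, which is how systemd layers
# coredump.conf and its drop-ins. Prints an empty line if KEY is never set.
conf_value() {
    key="$1"; shift
    awk -v key="$key" -F= '
        /^[[:space:]]*[#;]/ { next }
        $1 ~ "^[[:space:]]*" key "[[:space:]]*$" {
            val = $2
            sub(/^[[:space:]]+/, "", val)
            sub(/[[:space:]]+$/, "", val)
        }
        END { print val }' "$@"
}

# coredumps_disabled FILE... : 0 when nothing would be written to disk, i.e.
# Storage=none or ProcessSizeMax=0 (per the coredump.conf manual, both
# together leave only a journal log entry and no stored dump).
coredumps_disabled() {
    storage=$(conf_value Storage "$@")
    maxsize=$(conf_value ProcessSizeMax "$@")
    [ "$storage" = "none" ] || [ "$maxsize" = "0" ]
}

# write_disable_dropin DIR : write the hardening drop-in. On a real system DIR
# is /etc/systemd/coredump.conf.d (needs root); it is a parameter here so the
# example can run against a temporary directory.
write_disable_dropin() {
    mkdir -p "$1"
    cat > "$1/99-no-coredumps.conf" <<'EOF'
[Coredump]
Storage=none
ProcessSizeMax=0
EOF
}

# Second layer, independent of systemd: a hard core-file size limit of 0 for
# the process tree (the same effect as "* hard core 0" in limits.conf).
# Returns the limit as seen after lowering it in a subshell.
core_limit_after_hardening() {
    (ulimit -c 0 && ulimit -c)
}

main() {
    tmp=$(mktemp -d)
    # Constructed sample resembling a stock coredump.conf: every key is
    # commented out, so the compiled-in defaults apply and dumps are stored.
    cat > "$tmp/coredump.conf" <<'EOF'
[Coredump]
#Storage=external
#ProcessSizeMax=2G
EOF
    if coredumps_disabled "$tmp/coredump.conf"; then
        echo "core dumps already disabled"
    else
        echo "core dumps would be stored on disk"
    fi
    write_disable_dropin "$tmp/coredump.conf.d"
    if coredumps_disabled "$tmp/coredump.conf" "$tmp"/coredump.conf.d/*.conf; then
        echo "hardened: Storage=$(conf_value Storage "$tmp/coredump.conf" "$tmp"/coredump.conf.d/*.conf)"
    fi
    echo "hard core limit in child processes: $(core_limit_after_hardening)"
    rm -rf "$tmp"
}

main "$@"
```

Run it as a normal user to see the audit logic; to apply it on a real host, call write_disable_dropin on /etc/systemd/coredump.conf.d as root, then audit with the real files (/etc/systemd/coredump.conf plus the drop-ins). The ulimit part only covers processes started under that limit, which is why the systemd-side setting is the one that matters for a system-wide default.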
#198

https://www.whonix.org/wiki/Template:Scurl

Good question. Created for now:
https://www.whonix.org/wiki/Secure_Downloads

(Unless there are better suggestions for a page name.)

(low priority) Perhaps the chapters from https://www.whonix.org/wiki/Tor_Browser#File_Downloads could be converted into templates and reused on https://www.whonix.org/wiki/Secure_Downloads. I mean, that page could also discuss how to download using a browser.

Great!

They might do core dumps, but I doubt they are auto uploaded anywhere.

2 Likes
#199

https://www.whonix.org/wiki/Template:Third_Party_Repository - perhaps we could suggest using separate Whonix-Workstations?

#200

Fixed.

Fixed.

Agree. Create a template, and I’ll fill it out for you.

Fixed.

My TODO (to keep track):

  • Fix extra template (above) when created
  • Finish coredump entry
  • Fix find and replace terms
  • Torproject downloads changed to .onion references
  • Start Advanced Security Guide

Lower priority:

  • Description Fields
  • Renaming/shifting entries around
1 Like
#201

But do you have any sources on whether they send this stuff in bug reports automatically like Windows?

For debugging and dev purposes it would make sense but for anything that uploads this sensitive info its a privacy nightmare.

#202

Added usage instructions to https://www.whonix.org/wiki/Template:Scurl explaining how to pass the URL as a variable to the template.

1 Like
#203

Could you please fill out description= in https://www.whonix.org/wiki/Secure_Downloads and add to https://www.whonix.org/wiki/Documentation?


research and document secure downloads using Tor Browser:
https://phabricator.whonix.org/T677

1 Like
#204

Yes, you’re both right. I don’t see anything indicating core dumps ever go back to Debian HQ or similar in Linux. :slight_smile:

Still, it was a surprise to learn that it was turned on by default. I’d assumed that only debuggers would enable it with a setting, not that Debian would decide for all of us in advance that dumping this information locally on the HDD/SSD would (somehow) be a good idea.

I mean, Linux crashes so rarely compared to that trumped up malware running on most desktops.

#205

Just checking here that I am doing {{scurl|
https://www.whonix.org
}} kind of thing for every wget instance?

How about the Security Guide for “Secure Downloads” info? Then after putting in that extra info there, do I just delete the page where it is now i.e. https://www.whonix.org/wiki/Secure_Downloads?

I’ll work on something else until the above is confirmed i.e. because I don’t want to stuff it up.

1 Like
#206

Right.

1 Like
#207

I am undecided. Security Guide is already massive in length. The old question of how to organize such a massive amount of docs to make it useful for most users. What about just adding it to the security guide checklist?

Any opinions?

#208

OK - will do that now and just link to the existing page. If anyone wants to move it somewhere else later on - no problem.

I’ll get busy with those find / replace items too.

Cheers

1 Like